The present invention relates to encrypting information for secure storage.
Increasingly, information produced by a client must be shared by other clients connected through a computer network. The information may be kept on one or more storage systems also connected to the network. Such networks often interconnect many clients throughout an organization, some of whom are excluded from access to the information. The network may also support connections to public networks, such as the Internet, providing the possibility of unauthorized access from outside of the organization. As such, interconnection networks are often untrusted.
Certain types of information produced and used within an organization must be kept secure. This information includes financial figures, personnel data, health information, business plans, trade secrets, and the like. A client producing such information should be able to read and write this information over an untrusted network. Further, access to this information should be restricted to only those clients with proper authorization.
One method to protect information is to encrypt the information using a key and then transmit the encrypted information over an untrusted network. Two types of encryption may be used, symmetric and asymmetric. In symmetric encryption, the same data key is used to encrypt and decrypt the information. Various types of symmetric encryption which are known in the art include the Data Encryption Standard (DES) algorithm as described in Federal Information Processing Standard Publication 46-1; the Improved DES (IDES) algorithm as described in U.S. Pat. No. 5,214,703 titled xe2x80x9cDevice For The Conversion Of A Digital Block And Use Of Samexe2x80x9d; and the RC-5 algorithm as described in U.S. Pat. Nos. 5,724,428 and 5,835,600 both titled xe2x80x9cBlock Encryption Algorithm With Data-Dependent Rotationsxe2x80x9d; each of which is incorporated herein by reference.
In asymmetric encryption, a first key is used to encrypt the information and a second key is used to decrypt the information. Typically, the first key is a public key which may be widely known and the second key is a private key which is known only to authorized clients. Various forms of asymmetric encryption are known in the art, including the Diffie-Hellmean algorithm as described in U.S. Pat. No. 4,200,770 titled xe2x80x9cCryptographic Apparatus And Methodxe2x80x9d; and U.S. Pat. No. 4,405,829 titled xe2x80x9cCryptographic Communications System And Methodxe2x80x9d; each of which is incorporated by reference herein.
A technique for sending information over an untrusted network is end-to-end encryption. A host or storage server sends a data key to the client encrypted using a client key which is secret to the host and the client. The client decrypts the data key and holds the data key in a protected region of memory. Data transferred between the host and the client is encoded at one end and decoded at the other end using the data key. The data key is used throughout the entire information access session.
End-to-end encryption has several problems. First, the client key must be known by both the host and the client. Second, because the protected region of memory is part of the client, an imposter client may access protected information. The imposter client may have a stolen client key or may be a client for whom access privileges have been revoked. Third, because the client decrypts the data key and the data, the decrypted data key may be accessible through an attack at the operating system level.
It is an object of the present invention to separate the client from client-side encryption and decryption.
It is another object of the present invention to permit a client access to information over an untrusted network without permitting the clients to have direct contact with encryption and decryption keys.
Still another object of the present invention is to permit a client to access information over an untrusted network without having the client handle encrypted information.
Yet another object of the present invention is to permit a client to access information over an untrusted network without having the client carry out the encrypting or decrypting process.
A further object of the present invention is to provide secure access to data held on storage devices.
In carrying out the above objects and other objects and features of the present invention, an information encryption system is provided. The information encryption system includes at least one client for processing information. The system also includes at least one storage device for holding the information. At least one key server provides a data key for encrypting and decrypting the information. An encryption module is associated with each client. Each encryption module has a first processor accessing a first memory and a second processor accessing a second memory different from the first memory. The first processor communicates with the associated client. The second processor communicates with the storage device. The first processor communicates with the second processor through a dedicated channel. The second processor obtains the data key from the key server. Information is received from the first processor over the dedicated channel and encrypted using the data key. The encrypted information is then stored on the storage device. The second processor also reads the encrypted information from the storage device, decrypts the information using the data key, and sends the decrypted information to the first processor over the dedicated channel.
In an embodiment of the present invention, each client has a private key and a matching public key such that data encoded with the client public key can only be decoded with the client private key. The client private key may be held by the second processor or may be read by the second processor from a key reader.
In another embodiment of the present invention, the key server receives a request from an encryption module to access encrypted information, the request including the client public key. The key server determines if the associated client has access to the encrypted information. If the client has access, the data key is encrypted using the client public key. The encrypted data key is sent to the requesting encryption module. The second processor receives the encrypted data key and decrypts the encrypted data key with the client private key.
In yet another embodiment of the present invention, the encryption module is a printed circuit card that can be inserted into a card slot in the client processor. In a refinement, the client includes a driver for accessing the encryption module. The driver includes a first logical portion in communication with a second logical portion. The first logical portion provides the client interface to the driver. The second logical portion controls communication with the first processor.
In a further embodiment of the present invention, the second processor functions as the key server.
An information encryption module is also provided. The module includes a first processor in communication with the client. A first memory, accessible by the first processor, holds unencrypted information. A second processor communicates with at least one storage device and a key server. The second processor is connected to the first processor through a dedicated channel. The second processor decrypts the data key and encrypts and decrypts information with the decrypted data key. A second memory, accessible by the second processor, holds encrypted information.
A method is also provided for writing information in an encrypted format to at least one storage device. A data key is obtained. A request is received from the client to store information. Unencrypted information is written to a first memory. The unencrypted information is encrypted using the data key. The encrypted information is written to a second memory not accessible by the client. The encrypted information is sent from the second memory to the storage device.